# LogSentinelAI - LLM-Powered Log Analyzer for Security Events and Anomalies
LogSentinelAI leverages LLM to analyze security events, anomalies, and errors from various logs including Apache, Linux, and converts them into structured data that can be visualized with Elasticsearch/Kibana.
## 🚀 Key Features
> ⚡️ **Declarative Extraction**
>
> In each analyzer script, simply declare the desired result structure as a Pydantic class, and the LLM will automatically analyze logs and return results as JSON matching that schema. No complex parsing or post-processing: just declare what you want, and the AI handles the rest. This approach enables developers to focus on "what to extract" declaratively, while the LLM takes care of "how to extract", a modern paradigm for information extraction.
```python
# Example: Just declare the result structure you want in your HTTP Access log analyzer
from pydantic import BaseModel


class MyAccessLogResult(BaseModel):
    ip: str
    url: str
    is_attack: bool


# By defining only the result structure (Pydantic class) like above,
# the LLM automatically analyzes each log and returns JSON like this:
# {
#   "ip": "192.168.0.1",
#   "url": "/admin.php",
#   "is_attack": true
# }
```
### AI-Based Analysis
- **LLM Providers**: OpenAI API, Ollama, vLLM
- **Supported Log Types**: HTTP Access, Apache Error, Linux System, TCPDump
- **Threat Detection**: SQL Injection, XSS, Brute Force, Network Anomaly Detection
- **Output**: Structured JSON with Pydantic validation
- **Adaptive Sensitivity**: Automatic detection sensitivity adjustment based on LLM models and log type-specific prompts
### Processing Modes
- **Batch**: Bulk analysis of historical logs
- **Real-time**: Sampling-based live monitoring
- **Access Methods**: Local files, SSH remote
### Data Enrichment
- **GeoIP**: MaxMind GeoLite2 City lookup (including coordinates, Kibana geo_point support)
- **Statistics**: IP counts, response codes, various metrics
- **Multi-language Support**: Configurable result language (default: Korean)
### Enterprise Integration
- **Storage**: Elasticsearch (ILM policy support)
- **Visualization**: Kibana dashboard
- **Deployment**: Docker containers
## Dashboard Example

## 📋 JSON Output Example

## System Architecture
```
┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   Log Sources   │───>│  LogSentinelAI  │───>│  Elasticsearch  │
│                 │    │    Analysis     │    │                 │
│ • Local Files   │    │                 │    │ • Security      │
│ • Remote SSH    │    │ • LLM Analysis  │    │   Events        │
│ • HTTP Access   │    │ • Outlines      │    │ • Raw Logs      │
│ • Apache Error  │    │ • Pydantic      │    │ • Metadata      │
│ • System Logs   │    │   Validation    │    │                 │
│ • TCPDump       │    │ • Multi-format  │    │                 │
│   (Auto-detect) │    │   Support       │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘
                                │                      │
                                ▼                      ▼
                       ┌─────────────────┐    ┌─────────────────┐
                       │  LLM Provider   │    │     Kibana      │
                       │                 │    │    Dashboard    │
                       │ • OpenAI        │    │                 │
                       │ • Ollama        │    │ • Visualization │
                       │ • vLLM          │    │ • Alerts        │
                       │                 │    │ • Analytics     │
                       │                 │    │ • Geo-Map       │
                       └─────────────────┘    └─────────────────┘
```
## 📁 Project Structure and Main Python Scripts
### Core Python Components
```
src/logsentinelai/
├── __init__.py                # Package initialization
├── cli.py                     # Main CLI entry point and command routing
├── py.typed                   # mypy type hint marker
│
├── analyzers/                 # Log type-specific analyzers
│   ├── __init__.py            # Analyzer package initialization
│   ├── httpd_access.py        # HTTP access log analyzer (Apache/Nginx)
│   ├── httpd_apache.py        # Apache error log analyzer
│   ├── linux_system.py        # Linux system log analyzer (syslog/messages)
│   └── tcpdump_packet.py      # Network packet capture analyzer
│
├── core/                      # Core analysis engine (modularized)
│   ├── __init__.py            # Core package initialization and integrated import
│   ├── commons.py             # Batch/real-time analysis common functions, processing flow definition
│   ├── config.py              # Environment variable-based configuration management
│   ├── llm.py                 # LLM model initialization and interaction
│   ├── elasticsearch.py       # Elasticsearch integration and data transmission
│   ├── geoip.py               # GeoIP lookup and IP enrichment
│   ├── ssh.py                 # SSH remote log access
│   ├── monitoring.py          # Real-time log monitoring and processing
│   ├── utils.py               # Log processing utilities and helpers
│   └── prompts.py             # Log type-specific LLM prompt templates
│
└── utils/                     # Utility functions
    ├── __init__.py            # Utils package initialization
    └── geoip_downloader.py    # MaxMind GeoIP DB downloader
```
### CLI Command Mapping
```bash
# CLI commands are mapped to analyzer scripts:
logsentinelai-httpd-access    → analyzers/httpd_access.py
logsentinelai-apache-error    → analyzers/httpd_apache.py
logsentinelai-linux-system    → analyzers/linux_system.py
logsentinelai-tcpdump         → analyzers/tcpdump_packet.py
logsentinelai-geoip-download  → utils/geoip_downloader.py
```
### 📑 Sample Log Preview
#### HTTP Access Log
```
54.36.149.41 - - [22/Jan/2019:03:56:14 +0330] "GET /filter/27|13%20%D9%85%DA%AF%D8%A7%D9%BE%DB%8C%DA%A9%D8%B3%D9%84,27|%DA%A9%D9%85%D8%AA%D8%B1%20%D8%A7%D8%B2%205%20%D9%85%DA%AF%D8%A7%D9%BE%DB%8C%DA%A9%D8%B3%D9%84,p53 HTTP/1.1" 200 30577 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)" "-"
31.56.96.51 - - [22/Jan/2019:03:56:16 +0330] "GET /image/60844/productModel/200x200 HTTP/1.1" 200 5667 "https://www.zanbil.ir/m/filter/b113" "Mozilla/5.0 (Linux; Android 6.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36" "-"
31.56.96.51 - - [22/Jan/2019:03:56:16 +0330] "GET /image/61474/productModel/200x200 HTTP/1.1" 200 5379 "https://www.zanbil.ir/m/filter/b113" "Mozilla/5.0 (Linux; Android 6.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36" "-"
40.77.167.129 - - [22/Jan/2019:03:56:17 +0330] "GET /image/14925/productModel/100x100 HTTP/1.1" 200 1696 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"
91.99.72.15 - - [22/Jan/2019:03:56:17 +0330] "GET /product/31893/62100/%D8%B3%D8%B4%D9%88%D8%A7%D8%B1-%D8%AE%D8%A7%D9%86%DA%AF%DB%8C-%D9%BE%D8%B1%D9%86%D8%B3%D9%84%DB%8C-%D9%85%D8%AF%D9%84-PR257AT HTTP/1.1" 200 41483 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0)Gecko/16.0 Firefox/16.0" "-"
40.77.167.129 - - [22/Jan/2019:03:56:17 +0330] "GET /image/23488/productModel/150x150 HTTP/1.1" 200 2654 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"
40.77.167.129 - - [22/Jan/2019:03:56:18 +0330] "GET /image/45437/productModel/150x150 HTTP/1.1" 200 3688 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"
40.77.167.129 - - [22/Jan/2019:03:56:18 +0330] "GET /image/576/article/100x100 HTTP/1.1" 200 14776 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"
66.249.66.194 - - [22/Jan/2019:03:56:18 +0330] "GET /filter/b41,b665,c150%7C%D8%A8%D8%AE%D8%A7%D8%B1%D9%BE%D8%B2,p56 HTTP/1.1" 200 34277 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"
40.77.167.129 - - [22/Jan/2019:03:56:18 +0330] "GET /image/57710/productModel/100x100 HTTP/1.1" 200 1695 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"
```
#### Apache Error Log
```
[Thu Jun 09 06:07:04 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Thu Jun 09 06:07:04 2005] [notice] LDAP: SSL support unavailable
[Thu Jun 09 06:07:04 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jun 09 06:07:05 2005] [notice] Digest: generating secret for digest authentication ...
[Thu Jun 09 06:07:05 2005] [notice] Digest: done
[Thu Jun 09 06:07:05 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Thu Jun 09 06:07:05 2005] [notice] LDAP: SSL support unavailable
[Thu Jun 09 06:07:05 2005] [error] env.createBean2(): Factory error creating channel.jni:jni ( channel.jni, jni)
[Thu Jun 09 06:07:05 2005] [error] config.update(): Can't create channel.jni:jni
[Thu Jun 09 06:07:05 2005] [error] env.createBean2(): Factory error creating vm: ( vm, )
```
#### Linux System Log
```
Jun 14 15:16:01 combo sshd(pam_unix)[19939]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.188.2.4
Jun 14 15:16:02 combo sshd(pam_unix)[19937]: check pass; user unknown
Jun 14 15:16:02 combo sshd(pam_unix)[19937]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.188.2.4
Jun 15 02:04:59 combo sshd(pam_unix)[20882]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20884]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20883]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20885]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20886]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20892]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20893]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
```
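The sshd lines above are the brute-force case the analyzer is expected to flag. As an added example (not code from the LogSentinelAI project), the deterministic baseline below parses the pam_unix failures, groups them by `rhost` and raises an alert for any source with a burst of failures inside a short window; the log lines are copied from the sample, while the year (2005), the threshold and the window size are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed copy of the sshd(pam_unix) lines from the sample above.
SAMPLE_SYSLOG = """\
Jun 14 15:16:01 combo sshd(pam_unix)[19939]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.188.2.4
Jun 14 15:16:02 combo sshd(pam_unix)[19937]: check pass; user unknown
Jun 14 15:16:02 combo sshd(pam_unix)[19937]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.188.2.4
Jun 15 02:04:59 combo sshd(pam_unix)[20882]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20884]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20883]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20885]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20886]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20892]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
Jun 15 02:04:59 combo sshd(pam_unix)[20893]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=220-135-151-1.hinet-ip.hinet.net user=root
"""

# Classic syslog header: "Mon DD HH:MM:SS host process[pid]: message" (no year).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w()\-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# pam_unix failure record; `user=` is only present when the login name was known.
FAIL_RE = re.compile(
    r"authentication failure;.*\brhost=(?P<rhost>\S+)(?:.*\buser=(?P<user>\S+))?"
)


def parse_failures(text: str, year: int) -> list[tuple[datetime, str, str]]:
    """Extract (timestamp, rhost, user) for every sshd authentication failure.

    Syslog lines carry no year, so the caller supplies it (an assumption here).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["proc"].startswith("sshd"):
            continue
        f = FAIL_RE.search(m["msg"])
        if not f:
            continue  # e.g. "check pass; user unknown" is noise for this rule
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, f["rhost"], f["user"] or "<unknown>"))
    return events


def detect_bruteforce(events, threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Flag any rhost with >= threshold failures inside some window_s-second span."""
    by_src: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for ts, rhost, user in events:
        by_src[rhost].append((ts, user))
    alerts = []
    for rhost, hits in by_src.items():
        hits.sort()
        start, peak = 0, 0
        for end in range(len(hits)):  # sliding window over sorted timestamps
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({
                "rhost": rhost,
                "failures": len(hits),
                "max_in_window": peak,
                "users": sorted({u for _, u in hits}),
                "first": hits[0][0].isoformat(),
                "last": hits[-1][0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_failures(SAMPLE_SYSLOG, year=2005)):
        print(alert)
```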
#### TCPDump Packet Log
```
2025-07-20 14:00:00.228603 IP 150.165.103.133.443 > 163.62.4.236.54372: Flags [P.], seq 2408409918:2408411378, ack 41863130, win 32850, length 1460
    0x0000: 6c6c d367 9a69 100e 7ecb 53f0 0800 4500 ll.g.i..~.S...E.
    0x0010: 05dc ae4a 4000 3906 e77c 96a5 6785 a33e ...J@.9..|..g..>
    0x0020: 04ec 01bb d464 8f8d 6b3e 027e c7da 5018 .....d..k>.~..P.
    0x0030: 8052 1642 0000                          .R.B..
2025-07-20 14:00:00.228605 IP 192.242.209.255.5830 > 52.107.241.218.443: Flags [P.], seq 229435932:229435963, ack 245183773, win 2048, options [nop,nop,TS val 1083882715 ecr 5831867], length 31
    0x0000: 6c6c d367 9a69 100e 7ecb 53f0 0800 4500 ll.g.i..~.S...E.
    0x0010: 0053 0000 4000 3906 886d c0f2 d1ff 346b .S..@.9..m....4k
    0x0020: f1da 16c6 01bb 0dac ea1c 0e9d 351d 8018 ............5...
    0x0030: 0800 b76e 0000 0101 080a 409a bcdb 0058 ...n......@....X
```
## 🚀 Installation Guide
For installation, environment setup, CLI usage, Elasticsearch/Kibana integration, and all practical guides for LogSentinelAI, please refer to the installation documentation below.
📖 **[Go to Installation and Usage Guide: INSTALL.en.md](./INSTALL.en.md)**
> ⚡️ For additional inquiries, please use GitHub Issues/Discussions!
Raw data
{
"_id": null,
"home_page": null,
"name": "logsentinelai",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.11",
"maintainer_email": null,
"keywords": "ai, cybersecurity, elasticsearch, llm, log-analysis, security, threat-detection",
"author": null,
"author_email": "JungJungIn <call518@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/84/16/9fbc1b01ed7cec74b86d921e814b4610757ae9f9f89f8db722eb0d094e2a/logsentinelai-0.3.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "AI-Powered Log Analyzer - Leverages LLM to analyze log files and detect security events",
"version": "0.3.0",
"project_urls": {
"Documentation": "https://github.com/call518/LogSentinelAI#readme",
"Homepage": "https://github.com/call518/LogSentinelAI",
"Issues": "https://github.com/call518/LogSentinelAI/issues",
"Repository": "https://github.com/call518/LogSentinelAI.git"
},
"split_keywords": [
"ai",
" cybersecurity",
" elasticsearch",
" llm",
" log-analysis",
" security",
" threat-detection"
],
"upload_time": "2025-07-29 18:50:21",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "call518",
"github_project": "LogSentinelAI#readme",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "logsentinelai"
}